LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   "tail"ing a file by keyword / pattern (https://www.linuxquestions.org/questions/linux-newbie-8/tail-ing-a-file-by-keyword-pattern-4175561221/)

MrScoville 12-11-2015 07:51 AM

"tail"ing a file by keyword / pattern
 
Hi there,

a certain command's output contains a certain keyword. Anything else before the keyword doesn't matter in the current use-case. I only want to see the line starting with the keyword and the rest of the output.

Example:

foo 1 2 3
bar 4 5 6
baz 7 8 9
Keyword Some More Stuff
1 2 3 4
2 3 4 5

I don't know how many lines are before "Keyword.*", and how many may follow. In the example, I'd like to see the last 3 lines.

Of course I could write a Bash script containing some weird stuff like grepping Keyword with -n so I'd have the line number of Keyword, then grepping . -n so I'd have the overall line number, emit an expr and tail accordingly, but isn't there an easier way, perhaps something that one could 'alias' in .bashrc? Sed, Awk, I don't know.

Thanks in advance and have a nice weekend!

PS: Neither the lines before the Keyword line nor the ones after are certain to follow a pattern that would be easy to grep -v | grep.

grail 12-11-2015 07:54 AM

Yes I would use awk for such a challenge

MrScoville 12-11-2015 08:21 AM

Quote:

Originally Posted by grail (Post 5462825)
Yes I would use awk for such a challenge

I guessed so, but because I am a Newbie (at least when it comes to awk and fellows) I've posted my question to the Newbie Forum. Perhaps you have some hints at hand? Thanks :)

Habitual 12-11-2015 08:40 AM

something like
Code:

tail -n 3 -f  /path/to/file.log | grep <keyword>
?

source:
Code:

2015-12-10 01:04:43,093 fail2ban.actions: WARNING [c9badbots] Ban 203.133.170.11
2015-12-10 02:17:47,933 fail2ban.actions: WARNING [c9custom] Ban 46.166.139.20
2015-12-10 06:20:52,645 fail2ban.actions: WARNING [c9custom] Ban 192.129.227.26

shows
Code:

tail -n 3 -f  /var/log/fail2ban.log | grep c9custom
2015-12-10 02:17:47,933 fail2ban.actions: WARNING [c9custom] Ban 46.166.139.20
2015-12-10 06:20:52,645 fail2ban.actions: WARNING [c9custom] Ban 192.129.227.26

Have Fun!

rknichols 12-11-2015 08:51 AM

How about
Code:

sed -n '/Keyword/,$p'

MrScoville 12-11-2015 09:11 AM

Quote:

Originally Posted by rknichols (Post 5462844)
How about
Code:

sed -n '/Keyword/,$p'

100.00 percent perfect! I knew there had to be a simple solution. As there is always one in Linux. Exactly this is what I've been looking for! Thank you, @rknichols!

Kudos!

grail 12-11-2015 09:15 AM

Code:

awk '/Keyword/{x=1}x'

MrScoville 12-11-2015 09:45 AM

Just in case somebody might be curious why I asked the initial question... On a Linux running systemd emitting "mount" will result in a bunch of confusing... well... stuff, like this on my Raspberry Pi almost instantly after installing the image:

/dev/mmcblk0p2 on / type ext4 (rw,noatime,nodiratime,errors=remount-ro,commit=120,data=ordered)
devtmpfs on /dev type devtmpfs (rw,relatime,size=494116k,nr_inodes=123529,mode=755)
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
tmpfs on /run type tmpfs (rw,nosuid,nodev,mode=755)
tmpfs on /run/lock type tmpfs (rw,nosuid,nodev,noexec,relatime,size=5120k)
tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,mode=755)
cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd)
cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset)
cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,cpu,cpuacct)
cgroup on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,blkio)
cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,devices)
cgroup on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,freezer)
cgroup on /sys/fs/cgroup/net_cls type cgroup (rw,nosuid,nodev,noexec,relatime,net_cls)
systemd-1 on /proc/sys/fs/binfmt_misc type autofs (rw,relatime,fd=23,pgrp=1,timeout=300,minproto=5,maxproto=5,direct)
mqueue on /dev/mqueue type mqueue (rw,relatime)
debugfs on /sys/kernel/debug type debugfs (rw,relatime)
configfs on /sys/kernel/config type configfs (rw,relatime)
/dev/mmcblk0p1 on /boot type vfat (rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=ascii,shortname=mixed,errors=remount-ro)

"Almost instantly", because I've added a swap partition. Where is it? Right, not listed.

Next try: df -a

Filesystem 1K-blocks Used Available Use Mounted on
/dev/root 721848 465468 203880 70% /
devtmpfs 494116 0 494116 0% /dev
sysfs 0 0 0 - /sys
proc 0 0 0 - /proc
tmpfs 498420 0 498420 0% /dev/shm
devpts 0 0 0 - /dev/pts
tmpfs 498420 6592 491828 2% /run
tmpfs 5120 0 5120 0% /run/lock
tmpfs 498420 0 498420 0% /sys/fs/cgroup
cgroup 0 0 0 - /sys/fs/cgroup/systemd
cgroup 0 0 0 - /sys/fs/cgroup/cpuset
cgroup 0 0 0 - /sys/fs/cgroup/cpu,cpuacct
cgroup 0 0 0 - /sys/fs/cgroup/blkio
cgroup 0 0 0 - /sys/fs/cgroup/devices
cgroup 0 0 0 - /sys/fs/cgroup/freezer
cgroup 0 0 0 - /sys/fs/cgroup/net_cls
systemd-1 0 0 0 - /proc/sys/fs/binfmt_misc
mqueue 0 0 0 - /dev/mqueue
debugfs 0 0 0 - /sys/kernel/debug
configfs 0 0 0 - /sys/kernel/config
/dev/mmcblk0p1 62378 19866 42512 32% /boot

Again not. Next idea: Assume all filesystems in /etc/fstab have been mounted, and look at fstab:

/dev/mmcblk0p1 /boot vfat defaults 0 2
/dev/mmcblk0p2 / ext4 errors=remount-ro,noatime,nodiratime,commit=120 0 1
/dev/mmcblk0p3 swap swap defaults 0 0

But where have blocks and sizes gone?

Well, now comes @rknichols solution: fstab -l | sed -n '/Device/,$p'

Edit ~/.bashrc and add:

alias pmount='fdisk -l | sed -n \/^Device\/,\$p'

Import it: . ~/.bashrc

Then emit pmount:

Device Boot Start End Sectors Size Id Type
/dev/mmcblk0p1 16 125055 125040 61.1M b W95 FAT32
/dev/mmcblk0p2 125056 1626112 1501057 733M 83 Linux
/dev/mmcblk0p3 1628160 10016767 8388608 4G 82 Linux swap / Solaris

THERE it is!

:)

smallpond 12-11-2015 09:51 AM

How about

Code:

grep -A 1000 Keyword


All times are GMT -5. The time now is 07:26 AM.